Speed and scale


• Analytics
• “Continuous everything”


Maybe not... 


security: Scale and scope in 2 dimensions 
Users


Architecture: No lack of choices today 


Amazon Web Services


How many AWS services are there? 




98 (as of August 2017) 
Before Fargate, EKS, etc... 
re:Invent is coming! 
And that was just Amazon


Azure: 218 
GCP: 74 
Alibaba, IBM/RedHat 


“But you're not running on-prem, too... are you?”
SwiftOnSecurity

Microsoft has three eem E named Cloud App Security.

SwiftOnSecurity

Me: Your website says Cloud App Security is part of our license

Microsoft: No that’s a different Cloud App Security

Me: ?!?!1?!


The cloud transformation journey

The “Jevons paradox”: Ease of access drives orgs to consume more. Unit costs stay low, but total costs increase.

[Figure: Cloud transformation journey. Axes: expenditure vs. time.]

Phase headings: Great Expectations, Wuthering Heights, Brave New World

Phase descriptions, left to right:
• Promises of cost savings drive initial cloud investment, which results in estate consolidation
• Lower costs and easier access drive cloud consumption, increasing costs and encouraging sprawl
• Usage and costs controlled via tools and committed payment terms
• Ongoing optimization enables flexible use of cloud while driving savings, which encourages risk-taking, experimentation and rapid scalability

Chart labels: Consolidation; Resource Sprawl; Jevons Paradox; A Tale of Two Options; Repatriation (some larger enterprises bring cloud in-house); Cost Optimization; Value-Adding Consumption; Waste Management; Switching Cost; Resource Governance; Price Model Optimization; Cloud Price Index

451RESEARCH.COM
©2018 451 Research. All Rights Reserved.

Source: 451 Research, “The Cloud Transformation Journey: Great Expectations Lead to a 
Brave New World”, February 27, 2018, https://clients.451research.com/reportaction/94372/Toc 
From ‘Great Expectations’ to ‘Wuthering Heights’


Within the last 12 months, 25% of respondents had migrated a public 
cloud environment to a private cloud or non-cloud environment. Why? 


[Chart: % of respondents (n=149). Categories: Performance, Cost, Security, Organizationally driven, Government regulation, Industry regulation, Other. Values not recoverable.]

In 2018 research, 44% plan to take an on-premises modernization in-place approach to their mission-critical legacy apps
What about the distributed environment?


“Data centers on wheels” 


...or with arms

General Motors: Cruise AV

• Vehicles: Up to 100 ECUs [1]
• (And that’s before self-driving)

[1] https://techcrunch.com/2016/08/25/the-biggest-threat-facing-connected-autonomous-vehicles-is-cybersecurity/
What does this mean for security?


Assets at risk: What’s the reach:
• Of your scope?
• Of the ability to integrate visibility?
• Of your ability to coordinate strategy across all your investments?

[Chart: Reasons for migrating away from public cloud, % of respondents (n=149). Categories: Performance, Cost, Organizationally driven, Government regulation, Industry regulation, Other. Values not recoverable.]
security: Scale and scope in 2 dimensions


[Figure: The “Cyber Matrix”. Recoverable labels: Applications, Datacenter, Networks, Architecture, Data, Devices, Users; Structural, Awareness; Technology, People.]
Security processes: New techniques
Example: ATT&CK


> Consistent and referenceable characterization of adversary tactics & practices in modular ways


> Automation via STIX/TAXII


AN USES A TO ACCOMPLISH 
AN USES TO IMPLEMENT A TO ACCOMPLISH 
ADVERSARY USES TO IMPLEMENT TO ACCOMPLISH 
Credential Credential 




What's missing? 


AN USES A TO ACCOMPLISH 


There needs to be a corresponding view 


Of assets 


In context 

> Relationship to each other 

> Relationship to adversary tactics and indicator events
> The end goal: Exposure mitigation 


[Diagram: AN ATTACK THAT ORIGINATES AT [...] CONTACTS A [...] SEEKS ACCESS TO A [...] TO TARGET AN [...]. The only slot label that survives is “Server/”.]


But wait! It gets even better!
Automation and “operationalizing” resilience


• The tools already exist or are emerging
• But we're still left with


[Figure: tool logos (ATT&CK, STIX, others illegible); label: Correlation with Observed Activity]
That escalated quickly... The ‘GitHub-ification’ of security


[Screenshot: MITRE ATT&CK™ Navigator, showing selection controls, layer controls and technique controls above the matrix of tactics and techniques. The matrix contents are not legible in this extraction.]


Automation: Salvation or threat? 
Security automation systems have already begun emphasizing scale

They, too, will reach a point where rationalization is necessary to maintain order

[Image caption: SCRIPTS! SCRIPTS EVERYWHERE!]
What's the comprehensive strategy?

[Diagram: PROCESS. Recoverable labels: Inventory, Correlation, remediation (remaining labels illegible). On- and off-premises.]